Updated Intel Bill Mandates FBI Report on Cyber Recruiting

An updated draft of a must-pass intelligence policy bill released Tuesday includes a mandate for the FBI to report on efforts to integrate cyber expertise into its investigations.

The report, due to congressional intelligence committees in six months, should include clear benchmarks about efforts to recruit and retain agents with skills in encryption, cryptography and big data analytics, according to the draft Intelligence Authorization Act for fiscal year 2017 released by House Intelligence Chairman Devin Nunes, R-Calif.

The new text updates a version passed by the Intelligence Committee in May. The authorization act should come to the House and Senate floors sometime during the current lame-duck session.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

The FBI report also should describe the quantity and quality of cyber cooperation between the bureau and the private sector, the bill states.

The revised bill comes amid a debate over an imminent expansion of FBI hacking powers, which would make it easier for the FBI to hack into encrypted networks where criminals share child pornography or to investigate and disrupt botnets. Botnets are armies of infected computers and other connected devices that malicious actors use to attack websites.

Digital rights and civil liberties groups have raised concerns about the power expansion, including that it will make the FBI more likely to compromise the personal information or damage the computers of innocent bystanders whose computers have been conscripted into botnets.

Assistant Attorney General Leslie Caldwell has pushed back against those claims, saying the Justice Department works closely with private-sector experts in digital cases to limit any damage to bystanders.

The expansion of Rule 41 of the Federal Rules of Criminal Procedure will take effect Thursday unless Congress intervenes, which is unlikely.

The intelligence authorization update also includes new provisions requiring the director of national intelligence to report on outreach and recruiting efforts in cybersecurity and other science and technology fields and creating and funding a Cyber Center for Education and Innovation within the National Cryptologic Museum at Fort Meade, Maryland.

The bill retains language mandating reports on cyber threats to U.S. seaports and the maritime industry and countering messaging from the Islamic State on social media and elsewhere.

The update does not include a section directing the director of national intelligence to assist the Defense Department and the Office of Personnel Management in managing and securing the information technology backbone of the National Background Investigations Bureau.

The NBIB, which is housed within OPM but whose technology is managed by DOD, was created in the wake of the OPM data breach, which compromised background investigation records of 21.5 million current and former federal employees and their families.

The bill language was removed to align the Intelligence Authorization Act with mandates in the National Defense Authorization Act, a major defense policy bill, which should also be before Congress during the lame duck, a committee aide said.